Integrate Snipe-IT with AzureAD

Snipe-IT is a fantastic little open source asset management tool.

One of the pain points when new employees come onboard is that you have to manually provision their accounts. As such, it’s helpful to have Snipe-IT integrated with a directory service. Ideally, this would be achieved via SAML, but until that feature is available, the method below will help to get your user base into the system.

Requirements

This guide assumes your Snipe-IT instance has a public IP address but can easily be adapted to work with a private IP.

We’ll be setting up LDAP sync with Azure Active Directory Domain Services (AADDS). The project does provide documentation on LDAP configuration, but I’ve found it requires some nuance in order to get it working with AzureAD. Before continuing, ensure:

  • You have Azure AD Domain Services configured.
  • You know your Snipe-IT instance’s public IP address. If using the hosted version, support can provide this to you.
  • You have configured the network security group used by ADDS to allow TCP port 636 (LDAPS) traffic from your Snipe-IT IP address.
  • You have created a service account to handle the LDAP querying. ADDS can take some time to sync a new account, so allow time for the new account to appear.

Syncing Methods

The LDAP integration in Snipe-IT can work in two ways:
1. User syncing.
2. LDAP login.

With user syncing, Snipe-IT simply does an import of users (without their passwords) from your directory.

With LDAP login, Snipe-IT users can log into the Snipe-IT dashboard using credentials that have been synchronized from the directory.

In my org, we don’t allow non-IT staff to log in to the dashboard. Additionally, synchronizing passwords doesn’t sit well with me from a security perspective, as I prefer Azure services to be the main authentication point. As such, I’ll be configuring LDAP in user syncing mode only. Note: this method requires IT staff to be manually provisioned with a username/password from the Snipe-IT dashboard.

Implementation

Start by going to https://COMPANY.snipe-it.io/ > Settings > LDAP

LDAP Integration: Enabled
Active Directory: This is an Active Directory server (Checked)
LDAP Password Sync: No (Unchecked) 
Active Directory domain: COMPANY.com
LDAP Server: ldaps://sldap.COMPANY.com:636 (Note port 636 used for LDAPS over SSL)
Use TLS: No (Unchecked)
LDAP SSL certificate validation: No (Unchecked)
LDAP Bind Username: SERVICEACCOUNT@COMPANY.com
LDAP Bind Password: YOUR SERVICE ACCOUNT PASSWORD
Base Bind DN: DC=COMPANY,DC=com
LDAP Filter: &(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))
Username Field: samaccountname
Last Name: sn
LDAP First Name: givenname
LDAP Authentication query: samaccountname=
LDAP Version: 3
LDAP Active Flag: LEAVE BLANK
LDAP Employee Number: LEAVE BLANK
LDAP Email: userprincipalname
Custom Password Reset URL: ANY URL YOU WOULD LIKE

Once configured, go to your Snipe-IT users page and you’ll see a new option to import users.
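
To see which directory objects that import will pull in, the following added example (not part of Snipe-IT or of the original post) models the LDAP filter and field mappings above against constructed entries, without contacting a server. The sample accounts and the output key names (`username`, `first_name`, `last_name`, `email`) are assumptions for illustration.

```python
# Added example: evaluates the semantics of the filter
#   &(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))
# over constructed directory entries. No LDAP connection is made.

SAM_NORMAL_USER_ACCOUNT = 805306368  # 0x30000000: user objects, not computers
UAC_ACCOUNTDISABLE = 0x2             # the bit the filter tests

# Constructed sample entries (attribute names lowercased, as in the settings).
SAMPLE_ENTRIES = [
    {"samaccountname": "asmith", "givenname": "Alice", "sn": "Smith",
     "userprincipalname": "asmith@COMPANY.com",
     "samaccounttype": 805306368, "useraccountcontrol": 512},    # enabled
    {"samaccountname": "bjones", "givenname": "Bob", "sn": "Jones",
     "userprincipalname": "bjones@COMPANY.com",
     "samaccounttype": 805306368, "useraccountcontrol": 514},    # disabled
    {"samaccountname": "cdoe", "givenname": "Carol", "sn": "Doe",
     "userprincipalname": "cdoe@COMPANY.com",
     "samaccounttype": 805306368, "useraccountcontrol": 66048},  # enabled
    {"samaccountname": "WS01$",
     "samaccounttype": 805306369, "useraccountcontrol": 4096},   # computer
    {"samaccountname": "svc-snipeit",
     "userprincipalname": "svc-snipeit@COMPANY.com",
     "samaccounttype": 805306368, "useraccountcontrol": 66048},  # bind account
]

def bit_and_match(value, mask):
    """1.2.840.113556.1.4.803 is AD's bitwise-AND matching rule:
    true only when every bit of the mask is set in the attribute."""
    return value & mask == mask

def passes_filter(entry):
    """A normal user object whose ACCOUNTDISABLE bit is not set."""
    is_user = entry.get("samaccounttype") == SAM_NORMAL_USER_ACCOUNT
    disabled = bit_and_match(entry.get("useraccountcontrol", 0), UAC_ACCOUNTDISABLE)
    return is_user and not disabled

def to_snipeit_user(entry):
    """Apply the field mappings from the settings (hypothetical output keys)."""
    return {"username": entry["samaccountname"],
            "first_name": entry.get("givenname", ""),
            "last_name": entry.get("sn", ""),
            "email": entry.get("userprincipalname", "")}

def preview_import(entries):
    """Return the users the sync would create from these entries."""
    return [to_snipeit_user(e) for e in entries if passes_filter(e)]

if __name__ == "__main__":
    for user in preview_import(SAMPLE_ENTRIES):
        print(user)
```

Disabled users and computer accounts are dropped, but the bind service account is itself an enabled user object, so it matches the filter and is imported (with blank name fields) alongside staff.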

Next, set up a cron job to run LDAP sync regularly, e.g. every night. If you use the hosted version, contact support and they’ll set this up for you.
For self-hosted instances, follow the instructions here.

It’s time to make your LMS Sexy

Whether you’ve been a Student, Teacher or a System Administrator in an educational environment over the past 10 years, you’ll know one thing: educational learning tools are damn ugly!

This especially applies to the widely deployed Moodle, which is Open Source. Moodle, being free (as in beer as well as speech), is with its open source nature the more flexible and ultimately better option within the field of E-Learning. I have spent a lot of time administering Moodle systems, and I can attest to the fact that the UI leaves much to be desired. I am of the belief that this stems from a consistent problem with open source projects: they traditionally attract a lot of very clever devs but never enough graphic design and UI guys. Side note: there is a huge opportunity for Photoshop kids to bulk out their resumé by contributing to FOSS projects.

The educational sector always seems to be just as far behind in technology deployments as Microsoft is in releasing its lab projects. Moodle is like a lot of other OS web apps in that it supports theming with the use of 3rd party skins. Honestly though, most of them out there are garbage. Or... at least that was the case until Snap. We’ll get to Snap in a sec.

Blackboard

Moodle’s major competitor, Blackboard, has been steadily investing heavily in its own competitor’s product in recent years. It’s now at the point where the proprietary software maker Blackboard is the largest contributor to the Moodle upstream codebase. Blackboard owns a subsidiary company called ‘MoodleRooms’ which basically provides hosting and support of Moodle for institutions that don’t want to roll their own. That’s where their incentive to contribute and invest in the Moodle ecosystem comes from. They also do some custom, proprietary development which, if you ever meet them, they’ll try to sell you hard.

Snap

A few years back, the one reason you’d possibly choose to go the MoodleRooms way was their custom skin called Snap. Unfortunately, as this skin was proprietary, you had to use their service to use this theme. This theme was, however, the bomb! Night/day, however you want to phrase it. The theme brought all that was good about the modern internet (Web 2.0, adaptive/responsive layout, typeface-focused design, minimalism, clear iconography, glyphs and SVG graphics) to the outdated Moodle platform. I managed to attend the MoodleRooms Teaching and Learning Forum back in 2015, where the designer of Snap, Stuart Lamour, presented much of the reasoning for the design decisions. I remember leaving thinking “why has no one done this before?”. I also left the event with regret that I couldn’t use Snap in the self-hosted Moodle instances I manage.

The positive outcome of Blackboard’s involvement with Moodle is that later that year, they released Snap back into the Moodle community and made it open source. I immediately started deploying it into our production Moodle environments, with amazing feedback from teachers. Finally our Moodle platforms were doing the now common HTML5/responsive approach correctly. Snap does not just shuffle elements around the page to be ‘responsive’ like all of the other themes were claiming. Snap actually delivers the appropriate assets on screen relative to the device.

I urge you to take a look at Snap here on GitHub if you’re a Moodle admin.

A few screenshots from Snap; you wouldn’t believe this is Moodle:

Home page

Course pages look appealing and make you want to dig right in. This page also provides universal search allowing users to search the entirety of your Moodle database for courses, assets, learning materials, users, etc.


Snap combined with well-designed SCORM pages makes for an enticing course page.
